openssh 3.01/openssl 0.9.6a

onan

Prescriptivist
Firstly, I should point out that there have been discussions on the openssh-dev list regarding probable remote-root exploits in all versions below 3. So you should immediately either upgrade to >=3, or turn off "Allow remote logins" in the Sharing pane of System Preferences.

Attempting to do this myself, I've had strange problems with openssh3.01. The build appears to go smoothly, but when I try and run any of the binaries, I get:

OpenSSL version mismatch. Built against 90601f, you have 90602f

In several attempts to get this to work, I've ensured that I have exactly one version of openssl installed; 0.9.6a, installed into /usr/local/ssl from a binary .pkg. I removed /System/Library/OpenSSL.

Any ideas on what might be confusing it?
 
The linker is most likely seeing the OpenSSL stuff under /usr/lib which ships with Mac OS X. The files are /usr/lib/libcrypto* and /usr/lib/libssl*. However, the version you're using, 0.9.6a, is not current, so you may want to upgrade that.
 
and the system install...

the header files and the binaries will not match. when you are compiling you have compiled against 90601f (0.96a) but somehow you have a .96b installed


compiling openssl however is not trivial as it requires some patches in the configuration files to recognize the settings correctly and make a good new crypto library.
<blockquote>
>%ssh -V

OpenSSH_3.0.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
>%openssl version
OpenSSL 0.9.6b 9 Jul 2001
</blockquote>

is what you should get.

no doubt apple will make some update soon.
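
Added example, not part of any post in this thread: a small decoder for the hex values in the mismatch message and the `ssh -V` banner quoted above, showing which OpenSSL release the headers and the loaded library each correspond to. It assumes the `MNNFFPPS` version-number layout documented in OpenSSL's `opensslv.h` for 0.9.x releases; the function names are hypothetical.

```python
import re

# Assumed layout (OpenSSL 0.9.x opensslv.h): 0xMNNFFPPS
#   M major, NN minor, FF fix, PP patch letter index, S status nibble
MISMATCH = re.compile(
    r"OpenSSL version mismatch\. Built against ([0-9a-fA-F]+), "
    r"you have ([0-9a-fA-F]+)"
)


def decode(hexval):
    """Return (version string, status) for a hex OpenSSL version number."""
    v = int(hexval, 16)  # accepts "90601f" and "0x0090602f" alike
    major = (v >> 28) & 0xF
    minor = (v >> 20) & 0xFF
    fix = (v >> 12) & 0xFF
    patch = (v >> 4) & 0xFF
    status = v & 0xF
    if patch == 0:
        suffix = ""
    elif patch <= 25:
        suffix = chr(ord("a") + patch - 1)  # 1 -> a, 2 -> b, ...
    else:
        suffix = "+patch%d" % patch  # shown numerically, suffix not guessed
    if status == 0xF:
        label = "release"
    elif status == 0:
        label = "dev"
    else:
        label = "beta %d" % status
    return "%d.%d.%d%s" % (major, minor, fix, suffix), label


def explain(line):
    """Decode both sides of a mismatch line; None if the line is unrelated."""
    m = MISMATCH.search(line)
    if m is None:
        return None
    built, loaded = m.group(1), m.group(2)
    return {
        "headers": decode(built)[0],   # what the binary was compiled against
        "library": decode(loaded)[0],  # what the dynamic linker resolved
        "match": int(built, 16) == int(loaded, 16),
    }


if __name__ == "__main__":
    # Error line quoted in the first post of this thread.
    print(explain("OpenSSL version mismatch. Built against 90601f, you have 90602f"))
```
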
 
Originally posted by onan
Firstly, I should point out that there have been discussions on the openssh-dev list regarding probable remote-root exploits in all versions below 3. So you should immediately either upgrade to >=3, or turn off "Allow remote logins" in the Sharing pane of System Preferences.

Is this the (relatively) old hash table vulnerability in SSH protocol version 1?
If so, does disabling fallback from protocol 2 to 1 still work around it?
 
There appears to be some uncertainty of how much risk is posed. Several members of the openssh-dev list have confirmed the availability of a buffer overflow, but opinions differ as to whether it could be leveraged into arbitrary root code.

The only specific and confirmed vulnerability cited by update packages (from more alert vendors than Apple) is a way around the "confounding packets" intended to make passive analysis more difficult.

(And yes, I did finally get openssh3.01 to compile and run with a single version of openssl. Now I can get all the way to a bus error at runtime! Yay!)
 